| Recently with the development and widespread use of the internet globally, more and more enterprises and organizations connect their private network to the internet.They can sharethe comprehensive resource on the internet also brings a lot of security problems. So it is,necessary to improve the security of the internal networks. Firewall is a kind of network security technology in common use.In this paper, at first ,the basis conception of network security and firewall is analyzed. And then, a compositive firewall used in host under Ethernet environment is designed. This firewall uses the Packet Filter technology, but it make some improvement over the coventional Packet Filter technology. In the Filter rules, the rule based Keyword in the Packets and the rule base TCP connection Stateful Inspect is added. Besides these rules, an IDS (Intrusion Detection System)module is integrated in, the firewall,which makes firewall can response the abnormal state in the network. The IDS module improve the security of host system. At the end of this paper, the realization of this firewall under Linux operationsystem and the test of this firewall is described. |
PDF Full Text Request